|
1 | | -*NOTE: the Test environment of CVE Services now includes the release candidate “User Registry” which adds many additional features. See the details at the end of this ReadMe doc.* |
| 1 | +*6/12/2025 NOTE: the Test environment of CVE Services now includes the release candidate “User Registry” which adds many additional features. See the [details](UserRegistry) at the end of this ReadMe doc.* |
2 | 2 |
|
3 | 3 | # CVE-API |
4 | 4 |
|
@@ -143,18 +143,34 @@ In order to run the unit tests: |
143 | 143 | npm run start:test |
144 | 144 | ``` |
145 | 145 |
|
146 | | - |
| 146 | +{#userregistry} |
147 | 147 | ### User Registry |
148 | 148 |
|
149 | 149 | The CVE Automation Working Group (on behalf of the CVE Program) is currently working on a new automation capability: the User Registry. The objective of the User Registry is to modernize how CVE Program Organizations (e.g., CNAs, Roots, Top level Roots, the Secretariat) manage/update their organizational properties and user pools. The new capability will ultimately allow CNAs, Roots, Top Level Roots to better manage their own data/user pools with more robust information. It is targeted to be implemented in a series of incremental deployments to CVE Services in the Fall/2025 through Summer/2026. |
150 | 150 |
|
151 | | -Current Status: The release candidate for the first User Registry increment (termed the User Registry MVP) is now available for testing/review in the CVE Program Testing Environment. (Note that this release IS NOT a PRODUCTION Release and will not be visible in the CVE Program PRODUCTION environment). |
152 | | -This release candidate establishes a new, more robust User/Organizations databases (and associated APIs) while maintaining full backwards compatibility with the current User/Organizational management functions (meaning that current CVE Services clients will not be required to be modified with the deployment of this candidate). It was discussed at the 6/11/2025 CVE Program AWG meeting. |
| 151 | +#### Current Status: |
| 152 | + |
| 153 | +The release candidate for the first User Registry increment (termed the User Registry MVP) is now available for testing/review in the CVE Program Testing Environment. (Note that this release IS NOT a PRODUCTION Release and will not be visible in the CVE Program PRODUCTION environment). |
| 154 | +This release candidate establishes a new, more robust User/Organizations databases (and associated APIs) while maintaining full backwards compatibility with the current User/Organizational management functions (meaning that current CVE Services clients will not be required to be modified with the deployment of this candidate). It was discussed at the [6/10/2025 CVE Program AWG meeting](https://github.com/CVEProject/automation-working-group/blob/master/meeting-notes/2025-06-10.md). |
| 155 | + |
| 156 | +#### HowTo: |
| 157 | + |
| 158 | +Credentialed users of CVE Services Test Environment will be able to use the new capabilities via the API endpoints which are described [here](https://cveawg-test.mitre.org/api-docs/) (Be sure to scroll down to the bottom of the page to review the new User Registry interfaces). |
| 159 | + |
| 160 | +Credentialed users can access the APIs by |
| 161 | + |
| 162 | +- installing/using common web application API testing tools such as [curl](https://curl.se/) or [postman](https://www.postman.com/) OR |
| 163 | + |
| 164 | +- installing/using the [User Registry Client](https://github.com/CVEProject/cve-user-registry-client) which provides a GUI interface to exercise the basic functions of the User Registry. |
| 165 | + |
| 166 | + Note that there is no support for these new endpoints in many currently available CVE Services “client” tools (e.g, Vulnogram) and hence they should not be relied upon to examine/test these interfaces. |
| 167 | + |
| 168 | +#### Next Steps: |
| 169 | + |
| 170 | +The AWG is taking comments/questions on this release candidate. You can provide feedback in three ways: |
153 | 171 |
|
154 | | -HowTo: Credentialed users of CVE Services will be able to use the new capabilities via the API endpoints. Note that support for new endpoints may not be immediately available in the “client” tools provided by the community. |
| 172 | +- Send comments/questions to AWG+owner@CVE-CWE-Programs.groups.io, |
155 | 173 |
|
156 | | -Next Steps: The AWG is taking comments/questions on this release candidate. You can provide feedback in three ways: |
157 | | -Send comments/questions to AWG+owner@CVE-CWE-Programs.groups.io, |
| 174 | +- Post Issues/Questions to the CVE Services Issue Board (please attach a “user registry” label to your post). |
158 | 175 |
|
159 | | -Post Issues/Questions to the CVE Services Issue Board (please attach a “user registry” label to your post). |
160 | | -Attend (virtually) an AWG meeting which meets every week on Tuesday at 4:00 PM Eastern US Time. Send a request for the link to AWG+owner@CVE-CWE-Programs.groups.io. |
| 176 | +- Attend (virtually) an AWG meeting which meets every week on Tuesday at 4:00 PM Eastern US Time. Send a request for the link to AWG+owner@CVE-CWE-Programs.groups.io. |
0 commit comments